isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,726 Commits 1 Branch 0 Tags
0f40753d46bfd704869e77d25c765a81ff1e3457
Commit Graph

18 Commits

Author SHA1 Message Date
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases. 
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
 2023-09-25 10:13:28 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments. 
Also avoid checking protobuf-c source and protobuf-c generated files.
 2022-06-29 09:45:04 -06:00
Todd C. Miller
e5834bd405 Use #include <config.h> not #include "config.h" for consistency. 
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
 2022-06-29 08:47:16 -06:00
Todd C. Miller
15f167c3a0 Fix uninitialized use of ca_store when building with wolfSSL. 2022-05-27 11:23:45 -06:00
Todd C. Miller
69fa04f069 Include the cert or ca file in error messages where applicable. 2022-05-17 10:44:18 -06:00
Todd C. Miller
a82fe9aa06 Add missing include of string.h for strerror(3). 2022-05-17 09:31:22 -06:00
Todd C. Miller
d7df7abf87 If ERR_reason_error_string() returns NULL, fall back on strerror(errno). 
That way we get reasonable error messages for missing files, etc.
 2022-05-17 09:18:03 -06:00
Todd C. Miller
3ba807b70f set_dhparams: pass BIO_new_file() "r" for the file mode, not O_RDONLY. 
Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style mode string.
 2022-05-17 08:38:49 -06:00
Todd C. Miller
ed13faf9f6 Use BIO_new_file() not BIO_new_fd() to read dhparams file. 
Older versions of OpenSSL and wolfSSL lack BIO_new_fd().
Also explicitly include openssl/bio.h and openssl/dh.h for wolfSSL.
 2021-10-26 19:26:20 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
8a9c8794d0 Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not X509_FILETYPE_PEM 
While they are defined to the same value in OpenSSL one should not
rely on this.
 2021-10-24 14:47:49 -06:00
Todd C. Miller
4e0b77be4b tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. 
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
aee82efe45 Display the correct error message if X509_verify_cert() fails. 
We must use X509_STORE_CTX_get_error() and X509_verify_cert_error_string()
instead of the generic OpenSSL error functions.
 2021-07-27 14:49:28 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
8f0c16f06e Only initialize the SSL library once. 2021-04-08 15:14:13 -06:00
Todd C. Miller
d92610ee43 Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13 2021-04-06 17:03:30 -06:00
Todd C. Miller
71e5275a1c Move common TLS initialization code to tls_init.c. 2021-03-10 16:29:27 -07:00